<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
	<title>User authentication | ElasticSearch 7.7 权威指南中文版</title>
	<meta name="keywords" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <meta name="description" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <!-- Give IE8 a fighting chance -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
	<link rel="stylesheet" type="text/css" href="../static/styles.css" />
	<script>
	var _link = 'setting-up-authentication.html';
    </script>
</head>
<body>
<div class="main-container">
    <section id="content">
        <div class="content-wrapper">
            <section id="guide" lang="zh_cn">
                <div class="container">
                    <div class="row">
                        <div class="col-xs-12 col-sm-8 col-md-8 guide-section">
                            <div style="color:gray; word-break: break-all; font-size:12px;">原英文版地址: <a href="https://www.elastic.co/guide/en/elasticsearch/reference/7.7/setting-up-authentication.html" rel="nofollow" target="_blank">https://www.elastic.co/guide/en/elasticsearch/reference/7.7/setting-up-authentication.html</a>, 原文档版权归 www.elastic.co 所有<br/>本地英文版地址: <a href="../en/setting-up-authentication.html" rel="nofollow" target="_blank">../en/setting-up-authentication.html</a></div>
                        <!-- start body -->
                  <div class="page_header">
<strong>重要</strong>: 此版本不会发布额外的bug修复或文档更新。最新信息请参考 <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html" rel="nofollow">当前版本文档</a>。
</div>
<div id="content">
<div class="breadcrumbs">
<span class="breadcrumb-link"><a href="index.html">Elasticsearch Guide [7.7]</a></span>
»
<span class="breadcrumb-link"><a href="secure-cluster.html">Secure a cluster</a></span>
»
<span class="breadcrumb-node">User authentication</span>
</div>
<div class="navheader">
<span class="prev">
<a href="fips-140-compliance.html">« FIPS 140-2</a>
</span>
<span class="next">
<a href="built-in-users.html">Built-in users »</a>
</span>
</div>
<div class="chapter xpack">
<div class="titlepage"><div><div>
<h2 class="title">
<a id="setting-up-authentication"></a>User authentication<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/security/authentication/overview.asciidoc">edit</a><a class="xpack_tag" href="https://www.elastic.co/subscriptions"></a>
</h2>
</div></div></div>
<p>Authentication identifies an individual. To gain access to restricted resources,
a user must prove their identity, via passwords, credentials, or some other
means (typically referred to as authentication tokens).</p>
<p>The Elastic Stack authenticates users by identifying the users behind the requests
that hit the cluster and verifying that they are who they claim to be. The
authentication process is handled by one or more authentication services called
<a class="xref" href="realms.html" title="Realms"><em>realms</em></a>.</p>
<p>You can use the native support for managing and authenticating users, or
integrate with external user management systems such as LDAP and Active
Directory.</p>
<p>The Elastic Stack security features provide built-in realms such as <code class="literal">native</code>,<code class="literal">ldap</code>,
<code class="literal">active_directory</code>, <code class="literal">pki</code>, <code class="literal">file</code>, <code class="literal">saml</code>, and <code class="literal">oidc</code>. If none of the built-in
realms meet your needs, you can also build your own custom realm and plug it
into the Elastic Stack.</p>
<p>When security features are enabled, depending on the realms you’ve configured,
you must attach your user credentials to the requests sent to Elasticsearch. For example,
when using realms that support usernames and passwords you can simply attach
<a href="https://en.wikipedia.org/wiki/Basic_access_authentication" class="ulink" target="_top">basic auth</a> header to the requests.</p>
<p>The security features provide two services: the token service and the api key
service. You can use these services to exchange the current authentication for
a token or key. This token or key can then be used as credentials for
authenticating new requests. These services are enabled by default when TLS/SSL
is enabled for HTTP.</p>
















</div>
<div class="navfooter">
<span class="prev">
<a href="fips-140-compliance.html">« FIPS 140-2</a>
</span>
<span class="next">
<a href="built-in-users.html">Built-in users »</a>
</span>
</div>
</div>

                  <!-- end body -->
                        </div>
                        <div class="col-xs-12 col-sm-4 col-md-4" id="right_col">
                        
                        </div>
                    </div>
                </div>
            </section>
        </div>
    </section>
</div>
<script src="../static/cn.js"></script>
</body>
</html>